[SRU][F:linux-bluefield][PATCH 0/2] CT offload fix for crash on stress
Roi Dayan
roid at nvidia.com
Sun Apr 11 11:45:21 UTC 2021
BugLink: https://bugs.launchpad.net/bugs/1922672
SRU Justification:
There is a race between netfilter GC updating ct conn timeout and other events
reading the timeout, potentially crashing the kernel.
* brief explanation of fixes
The fix is setting the offload timeout early and not relying on gc.
The fix is already upstream and cherry picked here.
* How to test
Testing was done with stress http traffic opening conns, short data, close conns.
different 5-tuple each time.
* What it could break.
Potentially crash the kernel.
Roi Dayan (2):
netfilter: conntrack: Move nf_ct_offload_timeout to header file
netfilter: flowtable: Set offload timeout when adding flow
include/net/netfilter/nf_conntrack.h | 12 ++++++++++++
net/netfilter/nf_conntrack_core.c | 12 ------------
net/netfilter/nf_flow_table_core.c | 2 ++
3 files changed, 14 insertions(+), 12 deletions(-)
--
2.26.2
More information about the kernel-team
mailing list